Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here.
For many in this community, a functioning quantum computer will probably still feel quite fictional — an innovation that’s still light-years away. There’s also the idea that, well, wouldn’t a functioning quantum computer be a good thing? Won’t a functioning quantum computer, for example, enable scientists to accelerate drug discovery and development?
The flip side is that while these computers will bring many benefits, they also bring new security risks, which are much closer to hand than many expect. The first functioning cryptographically relevant quantum computer (CRQC) will have the power to break through the public-key encryption widely relied upon today to protect information. That means that data, no matter how secure it may be right now, will be vulnerable to a future attack on a scale never seen before.
To remedy this danger, the National Institute of Standards and Technology (NIST) began running a competition in 2016 to identify new quantum-safe encryption algorithms. It has recently made its decision on what algorithms will become the new standard. Companies that have been waiting for certainty about what kind of new encryption to use can now begin migrating their infrastructure to protect their data.
Let’s look at what this migration should look like and how organizations can best set themselves up to protect their data for years to come.
MetaBeat will bring together thought leaders to give guidance on how metaverse technology will transform the way all industries communicate and do business on October 4 in San Francisco, CA.
The quantum threat
As alluded to above, it is widely accepted that a sufficiently mature quantum computer will be able to break today’s public-key encryption (PKC) standards — RSA and Elliptic Curve.
So, what are the implications? Put simply, without secure encryption, the digital economy would cease to function, as PKC is used everywhere in our daily digital interactions. With a mature quantum computer, a hacker could:
- Empty people’s bank accounts or cryptocurrency wallets
- Intercept and decrypt sensitive communications
- Disable critical infrastructure like power grids and communications networks
- Expose virtually any secret we wish to keep secret
The timing here is still much debated, but many predictions mistakenly focus on commercial quantum computers being up to 15-20 years away. The threat that I am referring to is not a commercial quantum computer that JP Morgan can buy to do its own trading analysis. I’m talking about the sheer power to do code-breaking under lab conditions, which will come far sooner. The cybersecurity community estimates this could occur in as few as five years.
Even if we can’t predict the exact moment a functioning quantum machine proliferates, billions of dollars are being poured into quantum computing R&D, meaning it’s really only a matter of time until the encryption relied on by virtually every application in use today can be cracked. Further, even if the first quantum computer isn’t seen until 2030, we are still in a race against time to stay secure. It’s estimated that it would take at least 10 years to migrate the existing cryptographic infrastructure, because that entails transforming most electronic devices that connect to the internet.
Harvest now, decrypt later
Adding to this threat is the possibility that, even today, organizations with sensitive data that has a long shelf life could see that data being harvested and captured by criminals intending to decrypt it once a sufficiently powerful quantum computer arrives. In other words, any data with a multi-year lifespan could be collected today and decrypted in the future. This could include government secrets, R&D innovation, trading data in financial services, and strategic plans.
This harvest-now, decrypt-later (HNDL) threat is backed up by numerous pieces of research, which find that rogue actors will likely start collecting encrypted data with long-term utility, expecting to eventually decrypt it with quantum computers. I’d argue that this could already be happening, such as in instances where we see internet traffic re-routed on unusual global paths for no apparent reason before returning to normal. To back up my observations, several Five Eyes agencies have also commented on this phenomenon becoming more frequent.
Mapping a path to protection
With this array of threats, NIST has taken the lead in coordinating a global response. Its Post-Quantum Cryptography (PQC) Program is a multi-year effort to identify new encryption algorithms that are resistant to a future code-breaking quantum computer and can protect data from HNDL attacks.
After drawing upon entries from top academic and private-sector cryptographers, NIST has finally decided which algorithms will become the new standard in global cryptography. NIST has chosen CRYSTALS-Kyber for general encryption and CRYSTALS-Dilithium, FALCON, and SPHINCS+ for digital signatures. It has also advanced four other candidates for additional scrutiny, including the ultra-secure Classic McEliece. Whereas the current PKC standards (RSA and Elliptic Curve) can be used for both encryption and digital signing, different post-quantum algorithms cannot, which means that they will replace existing PKC with a pair of different algorithms.
With these new standards now finalized, companies that have been waiting for certainty on what kind of new encryption to use can begin migrating their infrastructure to protect their data. This will be no easy task, so here is a non-exhaustive list of recommendations for organizations looking to take this PQC migration seriously:
1. If you haven’t done so already, set up your Y2Q crypto-migration project now, and give it significant backing and investment. Just as with any large IT program or project, you will need to have a dedicated team with the right skills and resources to ensure success.
2. Once this is in place, the initial goal of the project team should be to conduct a crypto inventory audit. This means taking stock of where cryptography is deployed today across the organization, making sure that you can map out a migration path that prioritizes high-value assets while identifying any expected impact on operational systems.
3. One of the main considerations for your project team is adopting hybridization. This means choosing and deploying solutions that keep the tried and tested classical cryptography we use today, like RSA, alongside one or more post-quantum algorithms, ensuring you’re protected against both current and future threats.
Further, the use cases where encryption is needed vary across industries and sectors, so adopting crypto agility — where different PQC algorithms can be used depending on the applications — will give you greater flexibility. This is particularly the case with algorithms that are being analyzed in a fourth round, which have the potential to also become future standards, some potentially more appropriate for high-security use cases.
4. Finally, you should consider deploying a hybrid quantum-safe VPN. The Internet Engineering Task Force (IETF) has developed a set of specifications for such VPN products, recommending crypto-agile solutions that support hybrid key establishment, meaning post-quantum algorithms can work alongside today’s standards. Quantum-safe VPN products based on the IETF specification are already on the market, so upgrading is a relatively simple step you can already take.
Andersen Cheng is CEO of Post-Quantum.